Security NewsWatch

A weekly roundup of news, trends and insights designed exclusively for security professionals. This publication is intended for security staff only.

In this issue — February 14, 2017

  • Retired SEAL Vice Adm. Robert Harward Top Candidate to Replace Flynn
  • Lawmakers’ Personal Devices Need Better Security, House Member Says
  • Report: More Needed Against Insider Threat at Airports
  • Russian who Used Botnet to Steal from Thousands of U.S. Banks Arrested
  • China Confirms Multi-Warhead Missile Test
  • Russian Hackers Get Burned in Deal with Russia’s Spy Agency
  • Revised Cybersecurity Exec Order Seen as More Moderate
  • Ex-NSA Contractor Faces Up to 200 Years in Prison
  • New Mac Malware from Iran Targets U.S. Defense Industry
  • Sanctions Highlight China-Iran Missile Connection
  • Army Builds Cyber-Combat Teams

Retired SEAL Vice Adm. Robert Harward Top Candidate to Replace Flynn (Wash. Examiner, 2/14/17)

Retired Vice Adm. Robert Harward is quickly emerging as a leading contender to replace former national security adviser Mike Flynn, perhaps even the front-runner, according to some sources. In the wake of Flynn’s resignation Monday night, Harward’s name entered circulation, along with retired Gen. David Petraeus and retired Lt. Gen. Keith Kellogg, who assumed Flynn’s job after he resigned.

Harward enlisted in the Navy out of high school, got a fleet appointment to Annapolis, rose through the ranks to become a Navy SEAL, and ultimately became that community’s top commander. He retired in 2013 after serving as the three-star deputy at U.S. Central Command to then-Gen. Jim Mattis, who is now the defense secretary. A source close to Mattis told the Washington Examiner that Harward was already being considered to be undersecretary of defense for intelligence, confirming the view that Mattis is likely leaning toward the retired SEAL.

Lawmakers’ Personal Devices Need Better Security, House Member Says (Nextgov, 2/13/17)

House members’ use of personal phones and home Wi-Fi networks for official business leaves congressional information far too vulnerable to hackers, one lawmaker says. That’s why the House Administration Committee should develop a plan to secure these personal devices and networks and give all members a classified briefing on information security threats, Rep. Ted Lieu, D-Calif., said in a letter to committee leaders released Monday.

Because of ethics restrictions on campaigning or fundraising with government-issued phones, many lawmakers do business primarily on their personal devices, the letter notes. Lieu’s letter comes as Democratic senators are raising security concerns about President Donald Trump’s apparent use of a personal Android phone to support his Twitter habit and whether his smartphone habits could be compromising government secrets.

Report: More Needed Against Insider Threat at Airports (Washington Post, 2/11/17)

A congressional report on the terrorist threat posed by airport insiders says the Transportation Security Administration, airport operators, and airlines must do a better job of screening workers such as baggage handlers or cleaning crews for possible security threats.  The report, released by the House Homeland Security Committee’s majority staff, cites several cases going back as far as 2008 in which aviation workers, former employees, or contractors were recruited to fight for ISIS or other terrorist groups or engaged in efforts to smuggle firearms or other contraband aboard aircraft.

It says the nation’s approximately 450 airports remain vulnerable to insider attacks because they have not taken the steps necessary to properly check and periodically recheck employees’ backgrounds in a comprehensive way.

Russian who Used Botnet to Steal from Thousands of U.S. Banks Arrested in L.A. (Int’l Business Times, 2/11/17)

U.S. authorities have arrested an alleged Russian hacker who is believed to have stolen money from thousands of U.S. bank accounts.  The “extremely sophisticated” hacker is believed to have used a botnet of 10,000 hacked computers to launch cyberattacks.  Alexander Tverdokhlebov was arrested in Los Angeles, according to reports.

Secret Service agents’ investigation into a Russian cybercrime gang led them to the 29-year-old, who is currently being held in the Metropolitan Detention Center in Los Angeles on cybercrime and wire fraud charges.  Prosecuting attorneys describe him as being well connected, with ties to several elite Russian-language cybercrime forums.  According to the four-count indictment against Tverdokhlebov, he used a botnet to steal users’ login credentials and online bank accounts, which he and an accomplice then used to make fraudulent purchases and illegal withdrawals.

China Confirms Multi-Warhead Missile Test (DC Free Beacon, 2/10/17)

The recent Chinese missile launch with 10 warheads was a normal “scientific” test and not targeted at any foreign nation, according to China’s Defense Ministry.  The ministry was responding to reports revealing a Chinese DF-5C missile was flight tested last month with 10 multiple independently targetable reentry vehicles, or MIRVs.  The test represented an increase in China’s multiple-warhead nuclear missiles.

The Chinese ministry commented on the missile test in a statement to China’s state-run Shenzhen television on Feb. 6 that was widely quoted in other news outlets, including the People’s Daily, the official Communist Party newspaper.  The Chinese claimed reports of the test were aimed at “hyping” China’s strategic and conventional military buildup.

******************************************************************************************

Protecting Controlled, Unclassified Information (NSI.org)

Classified information usually gets all the attention, but a new rule that went into effect in November addresses the way controlled, unclassified information (CUI) is marked, handled and disseminated. The new rule defines CUI as an intermediate level of protected information between classified information and uncontrolled information. It’s designed to replace the inconsistent, and often conflicting, patchwork of over 100 different agency-specific policies, markings and other requirements used to control “Sensitive But Unclassified” information. A key function of the rule is to ensure that agencies and contractors are marking and handling the information in the same way.

Get the inside track on how to manage the new CUI requirements at the upcoming NSI IMPACT ’17 security forum on April 24-26 at the Westfields Marriott in Chantilly, VA.  Mark Riddle, Senior Program Analyst at the Information Security Oversight Office, will brief attendees on key features of the CUI program along with special marking and handling requirements. This workshop will provide an overview of the CUI Program, along with looming deadlines for implementation.

For more information, go to: https://www.nsi.org/impact-2017.html

******************************************************************************************

Russian Hackers Get Burned in Deal with Russia’s Spy Agency (Top Tech News, 2/10/17)

For several years, a group of Russian hackers has been posting letters and documents stolen from senior Russian officials with impunity.  And then the nation’s spy agency tracked them down and offered them a deal.

One member of the hacking group told The Associated Press that the hackers accepted the offer from the Federal Security Service, or FSB, the top KGB successor agency: show their spoils before publishing in exchange for protection.  But somehow things went wrong for the group, and its leader and two other men have ended up behind bars.

Revised Cybersecurity Exec Order Seen as More Moderate (Gov Info Security, 2/9/17)

A heavily revised draft of President Donald Trump’s executive order on cybersecurity lays out initiatives to build upon the previous administration’s IT security programs rather than to radically change them.  “Much of this quite literally could have been written by the Obama administration,” says Paul Rosenzweig, who served in a top Department of Homeland Security policy role during the George W. Bush administration.  “It’s a reasonable, moderate, incremental set of approaches.”

An earlier version of the draft emphasized the role of the secretary of defense, while the new version focuses on agency heads working with the director of the Office of Management and Budget and others.  Trump put plans to sign a cybersecurity order on hold earlier this month, pending a revamp.  It’s not yet clear when he plans to sign the revised order, or whether it could be changed yet again.

Ex-NSA Contractor Faces Up to 200 Years in Prison (PC Magazine, 2/9/17)

Whenever there’s mention of leaked classified information, the name Edward Snowden comes to mind.  But a new name we may have to get used to hearing is: Harold Thomas Martin.  Martin was taken into custody in August 2016 and is facing 20 criminal counts related to stealing highly sensitive government material from the U.S. intelligence community.

For each count, the maximum prison term is 10 years, meaning if found guilty on all counts he faces up to a 200-year sentence.  As Martin is now 52, it is unlikely he’ll ever experience freedom again if convicted.  Martin is a former NSA contractor.  Until 2014, he worked with at least seven companies and several government agencies.  Throughout, he was given clearance which allowed access to classified and top secret government files.

New Mac Malware from Iran Targets U.S. Defense Industry (Apple Insider, 2/8/17)

Security researchers have discovered new malware for macOS, called “MacDownloader,” that is believed to have been created by Iranian hackers to attack individuals and companies involved in the U.S. defense industry.  Researchers analyzing online threats stemming from Iran found the malware on a site that impersonated United Technologies Corporation.

The site, which referenced Lockheed Martin, Sierra Nevada Corporation, and Boeing, claimed to offer “Special Programs and Courses” in an attempt to attract potential defense targets.  The fake site was previously used in a spear-phishing attempt that tried to spread Windows malware.  The host, thought to be “maintained by Iranian actors,” has also been used for other phishing attempts.

Sanctions Highlight China-Iran Missile Connection (Washington Times, 2/8/17)

The Trump administration recently imposed sanctions on Iran for its missile test, and the sanctions reveal that Tehran’s missile program is backed by covert assistance from China.  The Treasury Department’s Office of Foreign Assets Control, which enforces U.S. sanctions, said last week that a “Chinese-based network” was helping procure goods for Iran’s ballistic missile program.

The sanctions designated 13 people and 12 companies who were placed under the Treasury restrictions that prohibit U.S. companies from doing financial transactions with them.  The action followed a flight test Jan. 29 of an Iranian medium-range missile that failed a short time after launch.

Army Builds Cyber-Combat Teams (Military.com, 2/8/17)

In an effort to strengthen its cyber-warfare prowess, the U.S. Army is deploying teams of specially trained soldiers to launch cyberattacks on Islamic State extremists, as well as embarking on an effort to recruit cyber experts from the civilian world.  Since 2010, Army cyber experts have been standing up new commands, developing training programs, and forming a cyber mission force to help combat units survive the cyber battlefield.

The Army has a requirement to field 41 teams in the cyber mission force for U.S. Cyber Command.  Currently, the service has 30 fully operational teams and is scheduled to meet the requirement before the fiscal 2018 deadline, Brig. Gen. Patricia Frost, director of Army Cyber Directorate G3/5/7, said last week.